A previously undocumented data wiper named CryWiper is masquerading as ransomware, but in reality, destroys data beyond recovery in attacks against Russian mayor's offices and courts.
CryWiper was first discovered by Kaspersky this fall, where they say the malware was used in an attack against a Russian organization.
"In the fall of 2022, our solutions detected attempts by a previously unknown Trojan, which we named CryWiper, to attack an organization's network in the Russian Federation," explains the new report by Kaspersky.
However, a report by by Russian media says that the malware was used in attacks against Russian mayor's offices and courts.
As the code analysis reveals, the data-wiping function of CryWiper isn't a mistake but a purposeful tactic to destroy targets' data.
Even though CryWiper is not ransomware in the typical sense, it can still cause severe data destruction and business interruption.
Kaspersky says CryWiper does not seem to be associated with any wiper families emerging in 2022, like DoubleZero, IsaacWiper, HermeticWiper, CaddyWiper, WhisperGate, AcidRain, and Industroyer2.